JP2022009659A - Operation authentication repeating device, method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it possible to perform access management such as identifying a person who executed an operation, grasping the content of the operation performed by the person, and invalidating an operation beyond the authority range, without modifying the software or the like of an information terminal.

SOLUTION: A repeating device connected between an information terminal and one or more peripheral devices that are communication-connected to the information terminal and input information to the information terminal includes: authentication means which is recognized as a peripheral device by the information terminal and is recognized as an information terminal by the peripheral device, for authenticating a user who uses the information terminal by operating the peripheral device; and control means for controlling repeating of an operation signal of the peripheral device by the user to the information terminal based on the authentication result of the user.

SELECTED DRAWING: Figure 1B

COPYRIGHT: (C)2022,JPO&INPIT

Description

The present invention relates to an operation authentication relay device, a method, and a program.

For example, operation monitoring systems installed in important infrastructure facilities such as the central operation room of a power plant have been becoming more open in recent years. As an example, instead of the conventional dedicated monitoring device, the use of a system in which dedicated monitoring software is installed in a general-purpose information terminal equipped with a general-purpose operating system in general-purpose hardware is being used. With such openness, the display has also been replaced from a dedicated display device to a general-purpose flat display panel. In addition, the operating device also operates the GUI (Graphical User Interface) on the information terminal, in which the icons and buttons displayed on the screen are operated with a pointing device such as a mouse or a keyboard from the conventional dedicated physical operation panel. It is changing to.

On the other hand, in recent years, the risk of cyber attacks on critical infrastructure, which is becoming more and more electronic, is increasing. In some foreign countries, security regulations with penalties have also been introduced.

For this reason, it is an urgent task for the industry to take various security measures in the operation monitoring system as it becomes open.

In terms of security, for example, unauthorized operation of an operation monitoring system by a person inside the organization is generally regarded as a large risk. Therefore, in order to suppress or prevent unauthorized operations on the operation monitoring system by humans inside, for example, regarding predetermined or arbitrary operations on information terminals and the like related to the operation and maintenance of the operation monitoring system, for example.
1) Being able to identify the person who performed the operation on the information terminal,
2) Being able to grasp in detail the operation details performed by the person on the information terminal, and
3) It is possible to invalidate operations beyond the scope of authority given to the person, or to issue a warning for such operations.
Implementation of functions such as is desired.

Generally, such a function is called an "access control function" for an information terminal. The most popular type of access management method is to authenticate a user by inputting a user name and a secret password (user account).

However, in many operation monitoring systems, a user account is not prepared for each user, a single user account is shared (user ID and password are shared), and the account is authenticated (logged in). The operation method is to maintain the state).

That is, the procedure of logging in every time the user operates and logging out when the operation is completed is not taken.

One of the reasons for this is that each user performs a login operation by typing in a user name and password from the keyboard prior to the operation, which lowers the operation efficiency.

When an unauthorized operation is performed on the operation monitoring system by an input operation by a person inside the organization on an information terminal that shares a user account and is always logged in, the person who performed the operation can be identified. It is difficult to grasp the specific operation contents performed by a person.

Further, in general, the access management function is preliminarily incorporated in software operating on the information terminal such as an operating system (OS) operating on the information terminal or monitoring software.

Therefore, in an operation monitoring system including an information terminal that does not originally have such an access control mechanism, it is necessary to replace or update (update) the software when introducing the access control function.

However, in general, an information terminal deployed in an operation monitoring system has a problem that, for example, due to the high reliability required for the system, the cost of software replacement and updating is high and difficult. ..

The reason is that, for example, when software is added to the information terminal deployed in the operation monitoring system, the added software function affects the existing software function (software installed in the information terminal, etc.) and its operation timing. This is because function verification, operation verification, etc. are required, such as whether or not they are given, and a large amount of manpower is required for these verification work.

In addition, considering the impact on the actual machine such as the equipment of the operation monitoring system, it may be difficult to test the added software function while the actual machine is in operation.

Even in information terminals deployed under such a system environment (information terminals that use shared accounts or information terminals that do not have a login function), the information terminals can be used without modifying the software of the existing information terminals. Regarding the operations performed in
1) A mechanism that can identify the person who performed the operation,
2) A mechanism that allows you to grasp in detail the details of the operations performed by the person.
3) A mechanism that can invalidate operations that exceed the scope of authority given to the person, or issue a warning for such operations.
It is desirable to provide some or all of.

Note that Patent Document 1 transmits and receives information used with a computer device (user terminal) as a configuration for handling protected information for an external memory that does not have an information encryption function. It is a second interface for transmitting and receiving information used between the first interface and an external memory (USB (Universal Serial Bus) memory, USB hard disk, etc.), and is provided with a security area for storing protected information. A security adapter having a second interface for transmitting and receiving information used to and from an external memory and a controller provided between the first interface and the second interface is disclosed. The controller performs a security process for determining whether or not the user is a legitimate user who has access authority to the security area, based on at least the authentication information sent through the computer device. Then, the controller reads out the protection target information for the security area based on the request from the computer device, provided that the user of the computer device is determined to be the legitimate user in the security process. Performs processing and writing processing.

Japanese Unexamined Patent Publication No. 2008-197963

Operations on an information terminal that uses a shared account or does not have a login function are preferably performed without modifying the software of the information terminal.
1) It is possible to identify the person who performed the operation.
2) It is possible to grasp the details of the operations performed by the person.
3) Disable operations beyond the scope of authority given to the person, or issue a warning for such operations.
It is desired to realize an access control mechanism that enables at least one or all of the functions of the above.

Therefore, the present invention is to provide a device, a method, and a program that make it possible to realize an access control mechanism that solves at least one of the above problems.

According to one embodiment of the present invention, it is an operation authentication relay device connected between an information terminal and one or a plurality of peripheral devices communicatively connected to the information terminal, and is peripheral from the information terminal. The authentication means that is recognized as a device, is recognized as an information terminal by the peripheral device, and operates the peripheral device to authenticate the user who uses the information terminal, and the authentication result of the user by the authentication means. Based on this, an operation authentication relay device including a control means for controlling relay of a signal between the peripheral device and the information terminal is provided.

According to another aspect of the present invention, an operation authentication relay device connected between an information terminal and one or a plurality of peripheral devices that are communication-connected to the information terminal and input information to the information terminal. There is an operation authentication relay method by
The relay device is
It is recognized as a peripheral device by the information terminal, and is recognized as an information terminal by the peripheral device.
By operating the peripheral device and authenticating the user who uses the information terminal,
An operation authentication relay method for controlling relay of an operation signal of the peripheral device to the information terminal by the user based on the authentication result of the user is provided.

According to another aspect of the present invention, an operation authentication relay device connected between an information terminal and one or a plurality of peripheral devices that are communication-connected to the information terminal and input information to the information terminal. To the computers that make up
A process of controlling so that the information terminal recognizes it as a peripheral device and the peripheral device recognizes it as an information terminal.
The process of operating the peripheral device to authenticate the user who uses the information terminal, and
A process of controlling relay of an operation signal of the peripheral device to the information terminal by the user based on the authentication result of the user.
Is provided with a program to execute.

According to the present invention, a computer-readable recording medium (for example, RAM (Random Access Memory), ROM (Read Only Memory), or EEPROM (Electrically Erasable and Programmable ROM)) or other semiconductor storage or HDD that stores the above program. (Hard Disk Drive), CD (Compact Disc), DVD (Digital Versatile Disc), and other non-transitory computer readable recording media are provided.

According to the present invention, it is possible to realize an access control mechanism that can solve at least one of the above problems.

It is a figure explaining the related technique. It is a figure explaining one embodiment of this invention. It is a figure explaining the operation of one form of this invention. It is a figure explaining an exemplary embodiment of this invention. It is a figure explaining the USB communication by the relay device of 1st Embodiment of this invention. It is a figure explaining the exemplary 1st Embodiment of this invention. It is a figure explaining the USB device. It is a figure explaining the composite USB device. It is a figure explaining the control transfer in 1st Embodiment of this invention. It is a figure explaining the frame of USB. It is a figure explaining an interrupt input transaction. It is a figure explaining an interrupt output transaction. It is a figure explaining the exemplary 1st Embodiment of this invention. It is a figure which shows an example of the registration data. It is a figure which shows an example of the authentication history. It is a figure which shows an example of the operation event history. It is a figure explaining the exemplary 1st Embodiment of this invention. It is a figure explaining the exemplary 1st Embodiment of this invention. It is a figure explaining the exemplary 1st Embodiment of this invention. It is a figure explaining the exemplary 1st Embodiment of this invention. It is a figure explaining the exemplary 1st Embodiment of this invention. It is a figure explaining the modification of the 1st Embodiment of this invention. It is a figure explaining the modification of the 1st Embodiment of this invention. It is a figure explaining the modification of the 1st Embodiment of this invention. It is a figure explaining the modification of the 1st Embodiment of this invention. It is a figure explaining the 2nd Embodiment of this invention. It is a figure explaining the 3rd Embodiment of this invention.

An embodiment of the present invention will be described. 1A and 1B are diagrams for explaining a system configuration which is a premise of the present invention and a system of one aspect of the present invention, respectively.

In FIG. 1A, the system 1A includes an information terminal 20, peripheral devices 30-1 to 30-n on which a user (operator) operates the information terminal 20, and information terminals 20 and peripheral devices 30-1 to 30. Includes wired or wireless communication interfaces 40-1 to 40-n responsible for communication with -n. The information terminal 20 may be, for example, a PC (Personal Computer) or the like that constitutes an operation monitoring system. In this case, the operation monitoring system may be, for example, a power system monitoring / control system that controls and monitors the amount of power generated at a power plant or the like, and the information terminal 20 may be a PC or the like that functions as an operation console. Further, as described above, the information terminal 20 may be, for example, an information terminal for which a user shared account is used or which does not have a login function. The same applies to the following embodiments.

Although one information terminal 20 is exemplified in FIG. 1A for the sake of simplicity, a plurality of information terminals 20 may be used (the number thereof is not particularly limited). In the peripheral devices 30-1 to 30-n, communication interfaces 40-1, ..., 40-n connected to the information terminal 20, n is set to 1 or more (that is, the peripheral device 30 may be one). ). When it is not necessary to specify and distinguish branch numbers in the reference codes of the elements in the drawing (for example, when it is not necessary to distinguish and refer to each element), the peripheral device 30, the communication interface 40, etc. Described without a branch number. The same notation is used in the following embodiments.

As shown in FIG. 1B, the system 1B according to one aspect of the present invention is an operation authentication relay device 10 (hereinafter referred to as an operation authentication relay device 10) that performs operation authentication between the information terminal 20 and the peripheral device 30 with respect to the system 1A of FIG. 1A. (Abbreviated as "relay device") is arranged. The relay device 10 is connected to peripheral devices 30-1 to 30-n via communication interfaces 40-1 to 40-n. The information terminal 20 is connected to the relay device 10 via the communication interface 40-0. The relay device 10 may be configured to be logically connected between the communication paths (paths) between the information terminal 20 and the peripheral device 30. In this case, the relay device 10 may be configured to be arranged in the housing of the information terminal 20, for example. The communication interfaces 40-0 and 40-1 to 40-n may be the same communication interface or may include different communication interfaces as described in the following embodiments.

In FIG. 1B, even if a peripheral device (for example, a pointing device such as a keyboard or a mouse) used when a user operates the information terminal 20 is connected to the information terminal 20 via a relay device 10. good. On the other hand, NICs (Network Interface Cards) such as LAN (Local Area Network) adapters, which are peripheral devices of the information terminal 20, and HDDs (Hard Disk Drives) are directly connected to the information terminal 20 without going through the relay device 10. It may be configured as such.

Although not particularly limited, in FIG. 1B, the information terminal 20 uses a common account for each user, and is in a logged-in state after the first login until, for example, shutting down. Alternatively, the information terminal 20 may be an information terminal that does not have a login function.

The relay device 10 is between the peripheral device 30 and the information terminal 20 based on the authentication result of the authentication unit 11 and the authentication unit 11 that operates the peripheral device 30 to authenticate the user who uses the information terminal 20. It includes an authentication unit 11 and a controller 12 that control to block communication.

In the present embodiment, the relay device 10 is configured to be recognized as one peripheral device by the information terminal 20.

In the present embodiment, the relay device 10 may be configured to be recognized as an information terminal by the peripheral device 30.

The relay device 10 connected to the plurality of peripheral devices 30 may be configured to be recognized by the information terminal 20 as one composite peripheral device having the functions of the plurality of peripheral devices 30.

In the relay device 10, the controller 12 is an operation event that the peripheral device 30 transmits or receives to and from the information terminal 20 via the communication interface 40 based on the user's attribute or the like, which is the authentication result of the authentication unit 11. It may be controlled to pass or block the passage.

In the relay device 10, the controller 12 is
・ User authentication result and
-The peripheral device 30 is controlled to pass or block the operation event transmitted or received from the information terminal 20 via the communication interface 40 according to the type of the peripheral device 30 and the combination of the operation events. You may do it. The controller 12 may be configured to store the operation event between the information terminal 20 and the peripheral device 30 in the storage unit.

In the relay device 10, the controller 12 sends an appropriate operation event on behalf of the peripheral device 30 (based on the authentication result or at the output timing of the authentication result) according to the authentication result in the authentication unit 11. It may be configured to be generated (on behalf of the user) and transmitted to the information terminal 20.

In the relay device 10, the authentication unit 11 may be configured to store the user's authentication history in the storage unit. The controller 12 may extract (specify) the operation contents performed by the user on the peripheral device by associating the user's authentication history with the operation event history.

In the relay device 10, the authentication unit 11 may specify the access authority information corresponding to the user based on the authentication result (biometric authentication result) such as the biometric authentication of the user, for example, face authentication. The controller 12 may be configured to control the relay of signals between the information terminal 20 and the peripheral device 30 operated by the user based on the access authority information corresponding to the user in the authentication unit 11.

In the relay device 10, when the controller 12 detects an operation of the peripheral device 30 that exceeds the access authority information of the user, the operation may be invalidated or an alarm may be issued.

When the peripheral device 30 connected to the relay device 10 includes an input device such as a mouse or a keyboard, the controller 12 of the relay device 10 is the information terminal 20 based on the user's access authority information acquired by the authentication unit 11. Either control the information displayed on the screen of the display device (for example, control the brightness of the display information to make some of the display contents on the screen invisible (or difficult to see), or block the display signal, etc.), or , The input from the screen (for example, a specific area) of the display device by the input device such as a mouse or a keyboard (for example, mouse cursor operation) and the operation of the icon, the button, etc. displayed on the screen may be controlled.

In the relay device 10, the authentication unit 11 may preferably repeatedly perform authentication at predetermined time intervals.

In the relay device 10 to which the plurality of peripheral devices 30 are connected, the controller 12 rewrites the device identification information of the control plane so that the plurality of peripheral devices 30 can be seen from the information terminal 20 as a single peripheral device. After that, the information terminal 20 may be notified. In this case, the information terminal 20 operates to recognize the relay device 10 to which the plurality of peripheral devices 30 are connected as one pseudo composite device having the functions of the plurality of peripheral devices 30. Further, the controller 12 of the relay device 10 is changed to the type of the constituent device, for example, the plurality of peripheral devices 30 connected to the relay device 10 are changed from the peripheral devices A and B to the peripheral devices A and C. If there is, the information terminal 20 may be configured to notify the device identification information different from the device identification information. In this case, the information terminal 20 operates to recognize the relay device 10 to which the plurality of peripheral devices 30 whose types have been changed are connected as one pseudo composite device having the functions of the plurality of peripheral devices 30. ..

When the type or combination of one or more peripheral devices 30 connected to the relay device 10 is changed, the controller 12 communicates with the information terminal 20 (the information terminal 20 and the peripherals via the relay device 10). After the reset of the communication interface connected to the device 30) is performed, the device identification process by the information terminal 20 may be controlled to be executed again.

FIG. 2 is a diagram illustrating an example of an access control operation in the relay device 10 described with reference to FIG. 1B. Referring to FIG. 2, the authentication unit 11 authenticates the user of the information terminal 20 (step S1). If the authentication result is OK (YES in step S2), the authentication unit 11 acquires the attribute information (access authority) of the authenticated user (step S3). In this case, the relay device 10 accesses the database or the like in which the registration data for authentication, the access authority of the group to which the user belongs, etc. are registered in advance via the communication means, and the attribute information (affiliation) of the authenticated user. The department, job title, access authority information, etc.) may be acquired. The relay device 10 may cache the correspondence between the acquired registration data for authentication and the attribute information of the user in a memory or the like in the relay device 10.

The controller 12 of the relay device 10 permits (passes) or disallows data transfer between the peripheral device 30 and the information terminal 20 according to the user's attribute information (access authority, etc.) which is the authentication result of the authentication unit 11. (Blocking) and the like are controlled (step S4). In step S4, when the relay device 10 detects an operation exceeding the range of the user's attribute information (access authority), the controller 12 invalidates the operation or issues a warning to the operation. You may try to do it.

If the authentication result in the authentication unit 11 is NG (failure) (NO in step S2), the relay device 10 disallows the access operation of the information terminal 20 by the user. That is, the transfer of data between the peripheral device 30 and the information terminal 20 is disallowed (step S5). Therefore, the user cannot operate the information terminal 20 from the peripheral device 30 side.

In the relay device 10, the series of processes of steps S1 to S5 in FIG. 2 may be preferably executed at predetermined predetermined time intervals (for example, in units of 1 second). In this case, after the process of steps S1 to S5 of FIG. 2 is executed in the relay device 10, when a predetermined time predetermined by a built-in timer (not shown) or the like has elapsed, step S1 of FIG. 2 is performed again. Is executed, and step S3-S4 or step S5 is executed based on the authentication result.

According to the embodiment, in the relay device 10, the controller 12 can identify the user who has executed the operation (predetermined operation) of the peripheral device 30 based on the identification result of the user (user) in the authentication unit 11. It may be configured to be used. For example, in the relay device 10, the controller 12 monitors the signal transferred between the peripheral device 30 and the information terminal 20, collects a history (operation event history) in correspondence with the transfer time, and the authentication unit 11. Based on the user's authentication result and the history of that time (information that a person at what time was identified), the operation event between the peripheral device 30 and the information terminal 20 corresponding to the operation performed by the user is extracted. However, the configuration may be such that the operation history of the user can be grasped in detail.

FIG. 3 is a diagram illustrating an exemplary first embodiment of the present invention, and is a diagram schematically illustrating an example of the system 1B described with reference to FIG. 1B. In this embodiment, USB (Universal Serial Bus) is used as the communication interface 40 of FIG. 1B, a USB keyboard 30-1 and a USB mouse 30-2 are used as peripheral devices 30 of the information terminal 20, and a camera 13 is used as an authentication unit 11. It is a figure which schematically exemplifies the configuration which performs the face recognition of the user 50 by the above. When the USB keyboard 30-1 and the USB mouse 30-2 are not distinguished from each other, they are simply referred to as the USB device 30. Further, the reference code 40 (communication interface) is referred to as a USB interface.

The authentication unit 11 acquires the image data captured by the camera 13 and detects the face of the user 50 from the image data. The authentication unit 11 collates the detected facial image with a photographic image of a person (for example, an employee, a contract employee, etc.) registered in advance, and the user imaged by the camera 13 is registered in advance. Identify which of the people you are. The camera 13 may be a camera mounted on the information terminal 20 (a Web camera built in the upper part of the screen) or the like. In this case, the authentication unit 11 acquires the image data (digital data) captured by the camera 13 by the information terminal 20 via a predetermined communication means.

The authentication unit 11 refers to the access authority registered in advance for the user 50 determined to match the registered person as a result of face authentication, and obtains the access authority information regarding the information terminal 20 of the user 50. Output to the controller 12.

As the access authority information regarding the information terminal 20 of the user 50, the user 50 belongs to a management group in which parameter setting input or the like from the information terminal 20 is permitted, or parameter setting input from the information terminal 20 is permitted. It may be information on access authority managed for each group, such as whether it belongs to a browsing group for which etc. is not permitted. Alternatively, when the number of users who have the opportunity to operate the information terminal 20 is small, it is of course possible to set the access authority for each user.

Although not particularly limited, for example, as an access restriction specification based on the access authority information of the user 50, for example,
a) Operation on the information terminal 20 is not permitted (operation on all peripheral devices 30 is not permitted).
b) Peripheral device permission / non-permission in 30 units,
c) Permitted / not permitted for each operation type in the peripheral device 30
d) Permission / disapproval on the display screen of the information terminal 20
Etc. may be instructed to control one or a plurality of combinations.

Of these, in a), the operation of the user 50 with the USB keyboard 30-1 and the USB mouse 30-2 is not permitted in the relay device 10.

In the relay device 10, for example, when the user 50 does not match the registered person as a result of face recognition by the authentication unit 11 (step S5 in FIG. 2), the authentication unit 11 sends the controller 12 to the controller 12. Access restrictions are specified.

In b), the relay device 10 is controlled, for example, the operation of the USB keyboard 30-1 by the user 50 is disallowed.

In c), for example, regarding the operation of the USB mouse 30-2 by the user 50 in the relay device 10.
-Wheel (center button) operation (scroll operation, operation to enlarge / reduce font size with Ctrl key on keyboard),
・ Left button operation (for example, select or enter),
・ Right button operation (call function / menu)
Control of permission and disapproval is performed for each operation. Alternatively, in the case of the USB keyboard 30-1, for example, control is performed such as disallowing the input of the Enter key among the key inputs by the user 50.

In d), in the relay device 10, for example, operation in a specific area on the screen of the information terminal 20, permission or disapproval of the operation for each operation by the user 50 for a predetermined icon such as a bar or a button. Permission control is performed.

The authentication unit 11 acquires image data from the camera 13 and detects a face from the image data, for example, as a result.
-Whether the face of the user who operates the information terminal 20 cannot be detected (absence or leaving the seat)
-The facial features of the person whose face is detected do not match any of the multiple people who registered the facial features.
-As a result of face authentication, it was determined that the person was a registered person, but the person is not permitted to operate the information terminal 20.
In some cases, etc., the controller 12 is instructed that access by the user 50 is not permitted for the corresponding peripheral device 30. The controller 12 may invalidate the operation of the peripheral device 30 or notify the alarm from an alarm device (speaker, indicator light) (not shown).

In FIG. 3, the relay device 10 operates as a peripheral device (pseudo USB device) for the information terminal 20, and is a USB host for the peripheral device 30 (USB keyboard 30-1, USB mouse 30-2). Works as. The controller 12 of the relay device 10 transfers the polling from the information terminal 20 from the peripheral devices 30 (USB keyboard 30-1, USB mouse 30-2) to the relay device 10 based on the identification result of the authentication unit 11. It controls whether or not the returned data is returned and changes the data.

FIG. 4 is a diagram illustrating an example of the communication function of the controller 12 in the relay device 10 of FIG. USB communication is temporarily terminated by the controller 12. In the control plane, pseudo composite device information is generated (for example, a vendor ID (for example, a vendor ID) from the connected device information (device descriptors from a plurality of USB devices 30 connected to the relay device, etc.) received from the USB host function of the controller 12. (Issued to each vendor from the USB Implementers Forum), product ID (rewriting of the product ID (ID can be freely assigned to each product by each vendor)) is performed, and the device information of the USB device function in the controller 12 is performed. In response to the device information acquisition request from the information terminal 20, the USB device function in the controller 12 transmits pseudo composite device information to the information terminal 20. The information terminal 20 that has received the pseudo composite device information recognizes the USB device function in the controller 12 as one pseudo composite USB device.

In the data plane, data transfer / blocking is performed for each device according to the authentication result between the USB host function and the USB device function in the controller 12. Polling is performed between the respective host devices and there is no guarantee that their timing will be synchronized. The controller 12 operates to hold the polling result received from the subordinate USB device 30 until the next polling is received from the USB host of the information terminal 20.

Hereinafter, the operation of the relay device 10 on the control plane and the data plane will be further described. In USB, transfer methods between a USB device and a USB host include control transfer, interrupt transfer, isochronous transfer, and bulk transfer. Of these, control transfer is used for initial settings of USB devices and the like. Interrupt transfer is used to transfer a small amount of input data to a USB device such as a USB keyboard or a USB mouse by interrupting the USB device from the USB host. Isochronous transfer is used for transfer to transfer a certain amount of data at a fixed cycle in a device that handles sound and moving images such as a speaker, a microphone, a telephone, and a video conference. Bulk transfer is used for transferring large amounts of data such as printers and scanners.

For example, as shown in FIG. 5A, when one USB keyboard 30-1 and one USB mouse 30-2 are connected to the relay device 10, the controller 12 of the relay device 10 is viewed from the information terminal 20. The USB device function of the relay device 10 is set to be seen as a single pseudo composite device having both the functions of the USB keyboard 30-1 and the USB mouse 30-2.

As schematically shown in FIG. 5B, in USB, the configuration of the device is represented by the configuration descriptor and the function of the device is represented by the interface descriptor. As schematically shown in FIG. 5C, the USB composite device operates as a device having a plurality of functions by having a plurality of the interfaces. In the present embodiment, the controller 12 of the relay device 10 rewrites and relays the vendor ID and the product ID, which are the information elements of the device descriptor to be returned in response to the device descriptor request (GET_DESCRIPTOR (DEVICE)) transferred from the information terminal 20. Notify the information terminal 20 that the device 10 has the configuration of FIG. 5C. The vendor ID and product ID are used to identify the connected USB device.

Next, an example of the operation (control transfer) of the relay device 10 in the control plane will be described. As described above, for example, when a plurality of USB devices are connected to the relay device 10, the controller 12 of the relay device 10 is a single pseudo-pseudo having the functions of the plurality of USB devices when viewed from the information terminal 20. Notify the information terminal 2 of device information (pseudo composite device information) so that it can be seen as a composite device. In a USB device, the device configuration is represented by a device descriptor, a configuration descriptor, or the like, and the function of the device is represented by an interface descriptor or the like. As schematically shown in FIG. 5C, the composite USB device operates as a device having a plurality of functions by having a plurality of interfaces.

The rewrite function 121 of the controller 12 of the relay device 10 is a vendor that is an information element of the device descriptor in response to a device descriptor request (GET_DESCRIPTOR (DEVICE)) transmitted from the information terminal 20 to the USB device function of the controller 12 by control transfer. The ID and product ID are rewritten to generate a device descriptor of a pseudo composite USB device. The device descriptor of the generated pseudo composite USB device is notified to the information terminal 20 via the USB device function of the controller 12.

FIG. 6 is a schematic diagram illustrating an outline of a USB Plug and Play connection procedure in the present embodiment. For example, when the USB keyboard 30-1 and the USB mouse 30-2 are connected to the USB port of the relay device 10 in the power-on state, the USB host function in the controller 12 of FIG. 4 is applied to the USB device 30 in FIG. It may operate as a USB host in. Although not particularly limited, the relay device 10 has an internal DC power supply voltage, for example, an AC adapter (AC-DC converter) that converts a commercial AC power supply to DC, a DC-DC converter that extracts a desired DC voltage from the DC voltage, and the like. It shall be supplied to the circuit. In this case, when viewed from the information terminal 20, the USB device function in the controller 12 of FIG. 4 functions as a self-powered type having a built-in power supply.

The USB host function in the controller 12 of the relay device 10 is that the cable of the USB device 30 is connected to the USB port (either of the two USB data signal lines D ⁺ or D ^- is 3.3V). (Attachment detection of S11), the USB host function in the controller 12 of FIG. 4 outputs the first reset (SET) (both of the two USB data signal lines D ^{+ and} D- for a certain period of time. (Low level) (S12), control transfer is started.

The USB host function in the controller 12 of FIG. 4 sends a device descriptor acquisition request (GET_DESCRIPTOR (DEVICE)) to the USB device (S13). The USB device (USB device function such as the USB keyboard 30 in FIG. 4) returns the first 8 bytes of the device descriptor (S21). Immediately after that, the USB host function in the controller 12 applies a second reset (SET) (S14).

The USB host function in the controller 12 of FIG. 4 transmits an address setting request (SET_ADDRESS) (S15). The USB device (30 in FIG. 4) sets a designated address (S22), and the USB host function in the controller 12 in FIG. 4 and the USB device (30 in FIG. 4) communicate with each other at this address. Subsequently, the USB host function in the controller 12 of FIG. 4 sends a device descriptor acquisition request (GET_DESCRIPTOR (DEVICE)) (S16), and the USB device (30 of FIG. 4) is the rest of the device descriptor (vendor ID (idVendor)). ), Product ID (including idProduct)) is transmitted (S23). Subsequently, the USB host function in the controller 12 of FIG. 4 sends a configuration acquisition request (GET_DESCRIPTOR (CONFIGURATION)) (S17), and the USB device (30 of FIG. 4) returns the configuration (S24).

The USB host function in the controller 12 of FIG. 4 sends a configuration setting request (S18), and when the configuration of the USB device 30 is completed (S25), data communication with the relay device 10 is possible. Become. However, when the relay device 10 is not connected to the information terminal 20, the relay device 10 may be configured not to poll the USB device 30.

Here, the device descriptor (one for each device, fixed at 18 bytes) contains information on the number of USB class (bDeviceClass), USB subclass (bDeviceSubClass), vendor ID (idVendor), product ID (idProduct), and configuration descriptor. include. The configuration descriptor describes the configuration information of the device and includes the number of the configuration and the number of interfaces (interface descriptors). An interface descriptor is a descriptor for representing the function of a device, and includes an interface number, a USB class, a subclass, protocol information, and a number of endpoints. The endpoint descriptor (fixed to 7 bytes) includes the data transfer type, transfer direction, packet size, and polling time of the endpoint.

The endpoint is an end point (termination) of a logical communication path between the USB host and the USB device, and is composed of a buffer such as a FIFO (First In First Out). The information terminal 20 (USB host) determines the number of endpoints of the USB device, the transfer method and transfer direction of each endpoint, and sets them in the USB host function in the configuration settings before starting data communication. deep. The buffer of the USB host and the endpoint (FIFO buffer) of the USB device are connected by a pipe which is a logical communication line. When the communication actually starts, the controller on the USB device side identifies the packet flowing on the USB bus and distributes it to each endpoint. Endpoint 0 is used only for control transfer.

The rewriting function 121 of the controller 12 of FIG. 4 rewrites the vendor ID and the product ID of the device descriptor based on the descriptor information acquired from the USB device 30, and further, the device corresponding to the configuration of the composite USB device of FIG. 5C. Create descriptors, configuration descriptors, interface descriptors, etc. When only one USB device 30 is connected to the relay device 10, the controller 12 may notify the information terminal 20 as one USB device in a pseudo manner. At this time, the controller 12 of the relay device 10 may not rewrite the product ID of the descriptor acquired from the USB device 30.

When the USB cable (plug) of the relay device 10 is connected to the USB port of the information terminal 20, the information terminal 20 is the USB host of FIG. 6, and the USB device function in the controller 12 of the relay device 10 is the USB of FIG. Acts as a device. The information terminal 20 that detects the attachment and resets performs S13-S18 in FIG. 6, and the USB device function in the controller 12 of the relay device 10 performs the process in S21-S25 in FIG. That is, the USB device function in the controller 12 is rewritten into a pseudo composite USB device vendor ID (idVendor) and product ID (idProduct) in response to the device descriptor request (S16 in FIG. 6) from the information terminal 20. The device descriptor is returned (S23). Further, the USB device function in the controller 12 informs the configuration descriptor set to the number of interfaces corresponding to the composite device as the configuration of the relay device 10 in response to the configuration descriptor request (S17) from the information terminal 20. It will be returned to the terminal 20.

The operating system (OS) of the information terminal 20 searches for a vendor ID (idVendor) and a product ID (idProduct) for a device driver for the USB device, and activates the corresponding device driver. Since the USB keyboard 30-1 and the USB mouse 30-2 are HID (Human Interface Device) device classes, a standard device driver is loaded for each device in the information terminal 20. After that, communication is performed between the information terminal 20, the corresponding endpoint between the relay device 10, and the corresponding endpoint between the relay device 10 and the USB device 30.

On the USB bus, data is transferred in units called frames (1 msec (millisecond) cycle). As shown in FIG. 7A, one frame starts with an SOF (Start Of Frame) packet and consists of a plurality of transactions. Each transaction consists of each USB packet, a token packet, a data packet, and a handshake packet.

Token packet is
-SYNC data (8 bits) for synchronization,
-PID (Packet Identifier) (8 bits) indicating the packet type,
-Device address (ADDR) (7 bits),
-Endpoint (ENDP) (4 bits),
-Consists of CRC5 (Cyclic Redundancy Check) (5 bits) for error detection.
PID is
・ IN (forwarding to the host),
OUT (transfer from host to endpoint of device),
・ SOF (Start Of Frame),
・ SETUP (control transfer)
It consists of one of.

The data packet consists of SYNC, PID, and CRC16 (16-bit CRC).

The PID of the handshake packet includes ACK (data normal reception), NAK (data transfer failure), STALL (endpoint stall: device side inoperability, etc.).

As described above, the interrupt transfer is used for transferring a small amount of input data such as a USB keyboard and a USB mouse (HID device). That is, in USB2.0, USB1.1, etc., the information terminal 20 (USB host) is not notified that the USB device 30 such as the USB keyboard 30-1 and the USB mouse 30-2 is actively operated. , Did the information terminal 20 make inquiries to the USB keyboard 30-1 and the USB mouse 30-2 at regular intervals by making a cyclic inquiry (polling), and the USB keyboard 30-1 and the USB mouse 30-2 were operated? Check (inquire whether there is data in the endpoint (FIFA buffer) of the USB keyboard 30-1 or USB mouse 30-2). If the endpoint of the USB device 30 has data, the USB device 30 transmits the data to the information terminal 20. In USB3.0, polling is abolished, and when the USB device 30 wants to transfer data, the USB device 30 can issue a request to the USB host side to start communication.

In the case of interrupt input transfer, for example, as shown in FIG. 7B, the information terminal 20 which is a USB host sends a token packet whose PID is an input (IN) to a USB device, and the USB device interrupts the USB host. A data packet (DATA) containing data related to is transmitted to the USB host. If the USB host succeeds in receiving the data packet, it returns an acknowledgment (ACK) to the USB device. When the USB device receives the IN token packet from the host (at the time of polling), if there is no pending data at the endpoint (interrupt destination endpoint) specified by the IN token packet, the USB device sends a negative response (NAK) to the USB host. return. If an error has occurred at the interrupt destination endpoint on the USB device side, the USB device returns an error (STALL: device side inoperability). Furthermore, when the IN token packet from the USB host is in error, the USB device returns nothing.

In the case of interrupt output transfer, as shown in FIG. 7C, the information terminal 20 which is a USB host transmits a token packet whose PID is output (OUT). Subsequently, the USB host sends one or more data packets (DATA) to the USB device. When the USB device succeeds in receiving one or more data packets transmitted from the USB host, it returns an acknowledgment (ACK) to the USB host. On the other hand, if the USB device fails to receive the data packet from the USB host (for example, the endpoint buffer is not empty), it returns a negative response (NAK) to the USB host and the data packet to the USB host. Request to resend. If the USB device cannot operate due to an error at the endpoint of the USB device, the USB device returns STALL to the USB host.

In FIG. 4, the USB device 30 that has received a poll (for example, an IN token packet) from the USB host function in the controller 12 of the relay device 10 has data including data held in the endpoint (buffer) of the USB device 30. The packet is sent back to the USB host function of the controller 12.

The USB host function in the controller 12 of the relay device 10 passes the data from the USB device 30 to the passage / cutoff control function 122 in the controller 12.

The pass / block control function 122 in the controller 12 receives data received from the USB host function in the controller 12 based on the authentication result in the authentication unit 11, for example.
-Transfer to the USB device in the controller 12 or
-Perform a control operation to discard.

When the pass / cutoff control function 122 in the controller 12 transfers the data received from the USB host function in the controller 12, the data is passed to the USB device function in the controller 12, and the data is the USB device in the controller 12. Set to an endpoint within the function.

In the relay device 10 that has received the poll (for example, IN token packet) from the information terminal 20, if there is data at the endpoint of the USB device function of the controller 12, the data is returned as a data packet. In the USB host function of the relay device 10, device connection information from the USB device 30 (configuration descriptor (specified number of interfaces), interface descriptor (specified number of endpoints) and endpoint descriptor), USB of the information terminal 20 In the host function, each USB device (USB device) is based on the device connection information (configuration descriptor (specified number of interfaces), interface descriptor (specified number of endpoints) and endpoint descriptor) from the USB device function in the controller 12. Function) endpoint information can be obtained.

In this way, polling is performed between the information terminal 20 (USB host) and the USB device function of the relay device 10, and between the USB host function of the relay device 10 and the USB device 30. Therefore, the USB device function in the controller 12 is transmitted from the USB host function in the controller 12 from the subordinate USB device 30 in response to polling, and the data received via the pass / cutoff control function 122 is received by the information terminal 20. Performs the operation of holding until the next polling is received from the USB host of.

Further, the pass / cutoff control function 122 of the controller 12 has data exchanged with the USB host function in the controller 12, data exchanged with the USB device function in the controller 12, date and time (time information), and processing. Contents (data discard from the USB device 30, etc.), and if necessary, if it can be extracted from the data received from the USB host function in the controller 12, the operation with the USB device 30 extracted from the data, etc. , You may record it as a history.

In the pass / block control function 122 of the controller 12, the access authority of the user currently authenticated by the authentication unit 11 disallows a specific operation of the USB device 30 (a specific button operation of the USB mouse). In the case of, for example, the following control may be performed.

When the data is received from the USB host function in the controller 12 that has received the data from the USB device 30 in response to the polling to the USB device 30, the passage / cutoff control function 122 analyzes the data. As a result of analysis,
If the data does not correspond to an unauthorized operation, the passage / cutoff control function 122 transfers the data to the USB device function of the controller 12.
-When the data contains information (code) corresponding to an unauthorized operation, the pass / block control function 122 transfers the data to the USB device function in the controller 12, for example, after rewriting the data.
-If the data contains information (code) corresponding to an unauthorized operation, the pass / block control function 122 discards the data.
Etc. may be controlled.

As described above, the pass / block control function 122 of the controller 12 receives the data received from the USB device 30 in response to the polling from the USB host function in the controller 12, which is the authentication result of the authentication unit 11, that is, the user's. Controls whether to send back or block according to the attribute.

As the attribute information acquired by the authentication unit 11 as a result of the user's authentication, for example, identification information (ID), department or job title, access authority information, or the like may be used. The access authority information is information for controlling access permission / non-permission regarding reading, writing, etc. to peripheral devices. For example, a plurality of users are grouped according to the access authority, and a group to which the user belongs (administrator group). , Viewer group, etc.) may be set.

The pass / block control function 122 of the controller 12 is a controller 12 of data received by the USB host function in the controller 12 according to the combination of the type of the USB device 30 and the content of the operation in addition to the authentication result by the authentication unit 11. The data may be transferred (passed) to the USB device function in the device or the data may be discarded (blocked).

For example, when it is determined from the authentication result by the authentication unit 11 that the user belongs to the viewer group (the group in which the display of the information terminal 20 is permitted to be viewed), the pass / block control function 122 of the controller 12 may be used. Only the data received from the USB mouse 30-2 via the USB host function in the controller 12 may be transferred (passed) to the USB device function in the controller 12. That is, in this case, the pass / cutoff control function 122 of the controller 12 discards the data received from the USB keyboard 30-1 via the USB host function in the controller 12.

Alternatively, the pass / cutoff control function 122 of the controller 12 analyzes the contents of the data received from the USB mouse 30-2 via the USB host function in the controller 12 when it is determined that the operator belongs to the group A. , Of the mouse operations, for example, only the operation data of the right-click operation may be selectively discarded (blocked).

In the HID (Human Interface Device) class such as USB mouse 30-2 and USB keyboard 30-1, data is transferred in a unit called a report. For example, in the case of a mouse
・ X-axis movement amount,
・ Y-axis movement amount,
・ Movement direction and amount of movement since the last data output,
-A report summarizing information such as the state of the buttons (information on whether or not each button in the center of the left and right is pressed) is returned in response to polling from the USB host function in the controller 12.

The pass / block control function 122 of the controller 12 allows the access authority information acquired by the authentication unit 11 to only right-click the mouse, from the USB mouse 30-2 via the USB host function in the controller 12. Analyze the received data. As a result of analysis,
-When the state of the report button included in the data is the state of pressing the right button, the pass / cutoff control function 122 transfers (passes) the data to the USB device function in the controller 12.
-If the button state of the report included in the data indicates another state, the passing / blocking control function 122 may discard (block) the data.

Alternatively, when the pass / block control function 122 of the controller 12 determines that the user belongs to another group B by the authentication unit 11, the USB mouse 30-2 is used only in a specific area on the display screen of the information terminal 20. You may allow the click operation of.

At that time, the passage / cutoff control function 122 of the controller 12 controls the operation signal data of the click operation from the USB mouse 30-2 only when the mouse cursor (mouse pointer) is located on a specific area on the display screen. It may be transferred (passed) to the USB device function in 12, and the click operation signal data from the USB mouse 30-2 on the area other than the specific area may be blocked. In this case, the passage / cutoff control function 122 of the controller 12 acquires the area information of the display screen and the current position information of the mouse cursor (mouse pointer) from the information terminal 20, and performs polling by the USB host function of the controller 12. On the other hand, the amount of mouse movement included in the report returned from the USB mouse 30-2 is mapped to the position of the mouse cursor (mouse pointer) on the screen, and the position information of the mouse cursor (mouse pointer) on the screen is displayed. You may try to get it.

Alternatively, the pass / block control function 122 of the controller 12 monitors the key code returned from the USB keyboard 30-1 when the authentication unit 11 determines that the user belongs to yet another group C, for example. The input of the Enter key may be blocked. That is, if the pass / cutoff control function 122 of the controller 12 includes the Enter key at the end of the key code string in which the data from the USB keyboard 30-1 is input, the data may be discarded. .. Alternatively, the pass / cutoff control function 122 of the controller 12 uses the data in which the Enter key is deleted from the key input data returned from the USB keyboard 30-1 as the key input of the USB keyboard 30-1 in the controller 12. It may be transferred (passed) to the USB device function.

Further, the passage / cutoff control function 122 of the controller 12 stores the operation event as a history (log) so that an appropriate operation event is generated on behalf of the USB device 30 at the timing of the authentication result by the authentication unit 11. You may do it. For example, when a key on the USB keyboard 30-1 is pressed by a user authenticated by the authentication unit 11 (a key-down event occurs), the access authority based on the authentication result in the authentication unit 11 is the USB keyboard 30-. When the passage of data from 1 is switched to cutoff, the pass / cutoff control function 122 of the controller 12 substitutes for the USB keyboard 30-1 for the key-up event equivalent information of the key, for example, at the timing of the cutoff. The generated and generated key-up event equivalent information of the key may be transferred to the USB device function in the controller 12.

When a PS / 2 keyboard or the like detects that a key is pressed or released, a scan code unique to the key is sent to the CPU (Central Processing Unit). The scan code that occurs when a key is pressed is called the make code, and the scan code that occurs when the key is released is called the break code. When the auto-repeat process is performed on the keyboard side, the make code is generated periodically while the key is pressed, but the break code is transmitted when the key is released. On the other hand, with a USB keyboard, instead of sending to the USB host which key was released (there is no break code), the state after the key is released is sent to the poll from the USB host. Become. The USB host determines that the key has been released from the state transmitted from the USB keyboard.

In the relay device 10, the passage / cutoff control function 122 of the controller 12 is at the timing when the access authority of the user based on the authentication result is switched from the access permission to the non-permission of the USB keyboard 30-1 by the authentication unit 11. When it is determined that the key-down event state is reached until immediately before the timing by referring to the operation event history, the key-up event equivalent information of the key (for example, a key different from the key (dummy key: for example, a control key different from the key, etc.) (Data in the state where is pressed) may be generated on behalf of the user and transferred to the USB device function in the controller 12.

In response to polling from the information terminal 20, the USB device function in the controller 12 returns the data generated by the passage / cutoff control function 122 of the controller 12 on behalf of the controller 12. The information terminal 20 that has received this data recognizes that the key has been released (occurrence of a key-up event).

The user authentication by the authentication unit 11 is preferably repeated (for example, once per second).

FIG. 8 is a diagram illustrating the functional configuration of the authentication unit 11 and the controller 12 of FIG. 3 in a block diagram. The authentication unit 11 includes an image data acquisition unit 111, a face authentication unit 112, and an access authority acquisition unit 113. The image data acquisition unit 111 acquires the image data captured by the camera 13. The camera 13 may store the image data captured by the moving image in a patrol buffer or the like in the camera 13, and the image data acquisition unit 111 may extract, for example, one frame of image data from the moving image. Alternatively, the image data acquisition unit 111 may periodically (for example, at 1-second intervals) send an imaging start command to the camera 13 to acquire a still image from the camera 13.

The face recognition unit 112 acquires image data (for example, image data for one frame) from the image data acquisition unit 111, and performs face detection from the image data. The face recognition unit 112 detects the contour (edge) of the face by extracting the edge of the image data (image data for one frame) using, for example, a filter such as horizontal or vertical. Next, the face recognition unit 112 extracts the detected feature amount of the face image (for example, the inter-eye distance or the like may be extracted as one of the feature amounts of the face).

Then, the face recognition unit 112 has the extracted face feature amount and the face photo image data of each person (for example, an employee, a contract employee, an outsider, etc.) of the registration data recorded in advance in the registration data storage unit 16. The degree of similarity is calculated by comparing with (face feature amount), and it is identified which of the pre-registered persons the user imaged by the camera 13 is. The registered data storage unit 16 may be configured by a semiconductor memory such as RAM or EEPROM, or may be configured by HDD, SSD (Solid State Drive) or the like.

When the face authentication of the user is successful, the face authentication unit 112 outputs the identification information (ID) of the face-authenticated user to the access authority acquisition unit 113.

The face authentication unit 112 refers to the registration data (employee attribute data, etc.) recorded in advance in the registration data storage unit 16 based on the user's identification information (ID), and refers to the user's information terminal 20. Access authority information (for example, whether it belongs to a group in which parameter setting from the information terminal 20 is permitted, or a group in which parameter setting from the information terminal 20 is not permitted, etc.) is extracted.

FIG. 9A schematically shows an example of the registered data 161 stored in the registered data storage unit 16. In FIG. 9A, for the sake of simplicity, the registered data 161 stored in the registered data storage unit 16 is used as the registered data 161.
・ Face photo image data (face feature amount) and
・ Employee (user) attribute data (name, affiliation, job title, etc.),
・ Access authority information of the employee (user) or the group to which the employee (user) belongs,
Is illustrated as one entry, but it goes without saying that the data structure of the registered data 161 is not limited to such a configuration. For example, facial photograph image data (face feature amount), employee attribute data (affiliation, job title, etc.), and access authority information corresponding to the affiliation, job title, etc. are distributed in separate storage devices. Of course, it may be.

In addition, face photo image data (face feature amount), employee attribute data (affiliation, position, etc.), and access authority information are stored in a management database (not shown), and the authentication unit 11 of the relay device 10 performs face recognition. You may want to get the information from the management database when you do.

Alternatively, the authentication unit 11 of the relay device 10 acquires information from the management database, and the identification information, face photo image data (face feature amount), and access authority information of the user who has succeeded in face recognition are registered data of the relay device 10. It may be held in the storage unit 16 as a cache. By doing so, when the authentication unit 11 performs face recognition of a user who frequently operates the information terminal 20 or a user who operates the information terminal 20 for a long time (for example, every second), the relay device 10 The information that hits the registered data cached in the registered data storage unit 16 can be used, and access to the management database is omitted, which contributes to speeding up the face recognition process. The facial photograph image data (face feature amount) may be a facial photograph (digital image data), may be a stored facial feature amount, or may store both a facial photograph and a facial feature amount. You may do so.

The access authority acquisition unit 113 may store the ID, date / time information (time stamp), and access authority of the user who has succeeded in face recognition in the authentication history storage unit 17. At that time, when the same user continuously operates the information terminal 20, the access authority acquisition unit 113 may store the authentication start time and the authentication failure time as a pair in association with the user. The authentication history storage unit 17 may be configured by a semiconductor memory such as RAM or EEPROM, or may be configured by HDD, SSD (Solid State Drive) or the like.

Further, referring to FIG. 8, the controller 12 has a rewriting function (rewriting unit) 121, a passing / blocking control function (passing / blocking control unit) 122, a USB device function 123, and a USB host described with reference to FIG. It has a function 124. The passing / blocking control function (passing / blocking control unit) 122 receives the authentication result of the authentication unit 11, and either discards (blocks) the data received by the USB host function 124 from the USB device 30 or sends it to the USB device function 123. Controls the transfer (passage) of.

The device-side connection unit 14 is a physical communication interface such as a USB connector (port). The information terminal side connection unit 15 is a physical interface such as a USB cable.

The rewriting function 121 transmits the device information in which the device information (device descriptor, configuration descriptor, interface descriptor) from the USB device 30 is rewritten to the information terminal 20 in response to the device information acquisition request from the information terminal 20.

The pass / block control function 122 responds to polling from the USB host function unit 124 when, for example, the access authority of the user currently authenticated by the authentication unit 11 disallows the operation of the USB device 30. Even if the data returned from the USB device 30 is discarded and the polling event of the USB host function 124, the date and time (time information), the processing content (discard), etc. are recorded in the operation event history storage unit 18. good. The operation event history storage unit 18 may be configured by a semiconductor memory such as RAM or EEPROM, or may be configured by HDD, SSD (Solid State Drive) or the like.

The controller 12 reports an alarm (alarm sound, display) from the alarm device (not shown) when the data packet from the USB device 30 is discarded by the pass / block control function 122 based on the access authority from the authentication unit 11. A flash of a light (red lamp), etc.) may be output.

Similarly, in step S5 of FIG. 2, when a person (for example, an outsider) who is not authenticated by the authentication unit 11 tries to access the information terminal 20, the controller 12 may notify the alarm. The alarm device (not shown) may be provided inside the relay device 10 or may be arranged externally to the relay device 10.

FIG. 9B is a diagram illustrating an example of the authentication history 171 stored in the authentication history storage unit 17 of FIG. Referring to FIG. 9B, the authentication history 171 schematically shows the authentication result and time of the user in the authentication unit 11 of FIG. 4, and the history of the access authority of the user. In the authentication history storage unit 17, the authentication history storage unit 17 may record the time period during which the user has been continuously authenticated (the time from the authentication start time to the time when authentication becomes impossible due to standing up, etc.) as the authentication date / time information. good.

FIG. 9C is a diagram illustrating an example of an operation event history storage unit 18 in which an operation event is recorded in correspondence with time information by the passage / cutoff control function 122. Although not particularly limited, the operation event history 181 stored in the operation event history storage unit 18 corresponds to the history number.

Data exchanged between the pass / block control function 122 and the USB host function 124 in the controller 12,
Data exchanged between the passage / cutoff control function 122 and the USB device function 123 in the controller 12,
・ Date and time information (time stamp),
-Data processing content (passing, discarding) by the passing / blocking control function 122,
Further, as a result of analyzing the data received from the USB host function in the controller 12 by the passage / cutoff control function 122, if the operation on the USB device 30 that is the source of the data can be extracted, each of the operations is performed. It is stored as a table with columns.

In the operation event history 181, when the data from the USB device 30 is discarded (blocked) by the passage / cutoff control function 122, the operation obtained by analyzing the data is recorded in the operation column of the peripheral device. You may. In the example of FIG. 9C, in the history number N, the data (DATA _N ) from the USB device 30 includes the numerical string + Enter key input, and in the passage / cutoff control function 122, it is determined that the data (DATA N) is the parameter input in the USB device 30, and the access authority is obtained. It is recorded that the data is blocked because it exceeds. If the passage / cutoff control function 122 cannot extract the corresponding operation of the USB device 30 even if the data is analyzed, it may be recorded to that effect. In the passage / cutoff control function 122, even when the data from the USB device 30 is transferred to the USB device function in the controller 12, the corresponding operation of the USB device 30 may be extracted even if the data is analyzed. good.

In response to an instruction from the administrator or the like, the controller 12 associates the operation event history 181 stored in the operation event history storage unit 18 with the authentication history 171 stored in the authentication history storage unit 17, for example, a transaction. It may be configured to detect that the data packet is discarded for the poll of N and detect that the ID of the user operating at that time is A.

The controller 12 may notify the information terminal 20, a management server (not shown), or the like that the data received from the USB device 30 has been discarded by the passage / cutoff control function 122. In the example of the operation event history 181 of FIG. 9C, the user A belonging to the browsing group inputs the numerical string and the Enter key (that is, inputs the parameters, etc. from the USB keyboard 30-1), and the relay device 10 It can be seen that the data was discarded.

If the controller 12 is configured to output an alarm report to the alarm device (not shown) of the relay device 10 when the data from the USB device 30 is discarded based on the access authority from the authentication unit 11, the alarm is given. The report may include user ID information, name, operation details on the USB device, and the like.

Further, the controller 12 may record the content of the alarm report in the operation event history storage unit 18 in association with the discarded packet.

The USB device 30 (USB keyboard 30-1 and USB mouse 30-2) is connected to the two USB ports of the relay device 10 in the power-off state, and the USB cable of the relay device 10 is connected to the USB port of the information terminal 20. However, the USB device function in the controller 12 is not in the powered state (Powered) unless the power of the relay device 10 is turned on. The bus-powered USB device (USB keyboard 30-1 and USB mouse 30-2) connected to the relay device 10 in the power-off state is also not in the power-on state (Powered).

When the USB keyboard 30-1 and the USB mouse 30-2 are connected and the power of the relay device 10 connected to the USB port of the information terminal 20 is turned on, the relay device 10 is in the power-on state (Powered) and information is provided. The reset between the terminal 20 and the relay device 10 and the reset between the relay device 10 and the USB device 30 are performed. The USB host function of the controller 12 of the relay device 10 acquires device information (device descriptor, configuration descriptor, interface descriptor, etc.) from the USB keyboard 30-1 and the USB mouse 30-2, and the rewrite function 121 of the controller 12 determines. In the procedure described above, pseudo composite device information having both the functions of the USB keyboard 30-1 and the USB mouse 30-2 is generated, and the USB device function of the controller 12 responds to the device information acquisition request from the information terminal 20. Returns pseudo composite device information (device descriptor, configuration descriptor, interface descriptor, etc.). In the device descriptor of the pseudo composite device, the product ID field (idProduct) is rewritten, the number of interfaces of the configuration descriptor is set to 2, and two interface descriptors are created.

Further, when the relay device 10 is connected to the USB port of the information terminal 20 in a state where no USB device is connected to the relay device 10 in the power-on state, after resetting, a device descriptor request from the information terminal 20 ( GET_DESCRIPTOR (DEVICE)) is transferred to the relay device 10 (S13 in FIG. 6). The relay device 10 may not return the device descriptor to the information terminal 20. Therefore, the second reset in FIG. 6 (S14 in FIG. 6), the address setting request (SET_ADDR) (S15 in FIG. 6), the remaining device descriptor request (GET_DESCRIPTOR (DEVICE)) (S16 in FIG. 6), and the configuration. The descriptor request (GET_DESCRIPTOR (CONFIGURATION)) (S17 in FIG. 6) and the configuration setting request (SET_CONFIGURATION) (S18 in FIG. 6) are not made. In this case, the device driver of the relay device 10 is unnecessary in the information terminal 20.

In this state, when, for example, one USB device 30 is connected to the relay device 10, the USB host function of the controller 12 of the relay device 10 resets between the relay device 10 and the USB device 30 from the USB device 30. Acquire device information (device descriptor, configuration descriptor, interface descriptor, etc.). A reset is also performed between the information terminal 20 and the relay device 10, and the USB device function of the controller 12 of the relay device 10 is a device as one USB device 30 in response to a device information acquisition request from the information terminal 20. The information is returned to the information terminal 20.

After that, when another USB device 30 is connected to the relay device 10, the relay device 10 resets or the like again, and device information (device descriptor, configuration descriptor, interface descriptor, etc.) is transmitted from the plurality of USB devices 30. Is rewritten into a device descriptor (product ID column: idProduct) in which a plurality of USB devices 30 are used as one pseudo composite USB device, the configuration descriptor (number of interfaces) is set to 2, and two interface descriptors are created. , The device information acquisition request from the information terminal 20 may be returned.

In the above example, the case where the relay device 10 is a self-powered type has been described, but the USB device 30 which is a peripheral device connected to the relay device 10 is a device having a relatively low current consumption such as a mouse or a keyboard. In this case, a bus-powered type that receives power supply (for example, current 500 mA (milliampere) per USB port, power 2.5 W) from the USB port of the information terminal 20 may be used. In this case, the various storage units 16, 17, and 18 of FIG. 8 may be configured by, for example, EEPROM or the like without using an HDD or the like from the viewpoint of current consumption (power consumption).

When the relay device 10 is a bus-powered type, when the USB cable of the relay device 10 is connected to the USB port of the information terminal 20, the relay device 10 is in the power-on state (Powered). However, the relay device 10 does not return its own device descriptor in response to the device descriptor acquisition request from the information terminal 20 after the reset process. When the device 30 is connected to the power-on relay device 10 by USB, the self-powered power-on relay device 10 is connected to the USB port of the information terminal 20. The procedure is the same as when the USB device 30 is connected to the relay device 10 (power on state).

When the relay device 10 is a bus-powered type, the USB cable of the relay device 10 to which a plurality of bus-powered USB devices 30 (USB keyboard 30-1, USB mouse 30-2) are connected to the USB port is used as an information terminal. When connected to the USB port of 20, the relay device 10 is in the powered state (Powered). In this case as well, the USB host function of the controller 12 of the relay device 10 acquires device information (device descriptor, configuration descriptor, interface descriptor, etc.) from the USB device 30 (USB keyboard 30-1, USB mouse 30-2). The USB device function of the controller 12 of the relay device 10 returns the device information as a pseudo composite USB device to the information terminal 20 in response to the device information acquisition request from the information terminal 20.

10A and 10B are diagrams illustrating pseudo composite USB devices having different configurations. In FIG. 10A, the USB keyboard 30-1 and the USB mouse 30-2 are regarded as one pseudo composite device, and in FIG. 10B, the set of the USB keyboard 30-1 and the two USB mice 30-2 and 30-3 is regarded as one pseudo composite device. It is a composite USB device. In FIGS. 10A and 10B, the product IDs set in the device descriptors of the relay device 10 are different from each other. The OS activates one mouse driver for the two USB mice 30-2 and 30-3. Therefore, the mouse pointer on the screen is one for two mice, and the operation of the two mice is the operation of one mouse.

FIG. 11B describes a case where another USB device (USB mouse) 30-3 is newly connected to the relay device 10 (FIG. 11A) to which the USB keyboard 30-1 and the USB mouse 30-2 are connected. It is a figure to do. In the relay device 10, the USB keyboard 30-1 and the USB mouse 30-2 are regarded as one pseudo composite USB device (product ID = 001), and the device descriptor, the configuration descriptor, and the like are already set.

In this state, when the USB mouse 30-3 is connected to the relay device 10, the USB host function in the controller 12 resets the USB bus between the relay device 10 and the USB device 30, and a plurality of USBs are used. The device information of the device 30 (USB keyboard 30-1, USB mouse 30-2, USB mouse 30-3) is acquired, and it has a plurality of functions of the USB keyboard 30-1, the USB mouse 30-2, and 30-3. Generates pseudo device information for one pseudo composite USB device. For example, the rewrite function 121 of the controller 12 generates a device descriptor (process ID = 002)) as pseudo device information, generates a configuration (number of interfaces = 3), and generates three interface descriptors from the information terminal 20. It is sent in response to the device information acquisition request of. The information terminal 20 activates a device driver corresponding to the device descriptor (process ID = 002).

On the other hand, when the USB mouse 30-3 is pulled out from the relay device 10 from the configuration of FIG. 11B, the bus is reset, and one pseudo composite USB device including the USB keyboard 30-1 and the USB mouse 30-2 is provided. The device information is rewritten. That is, the rewrite function 121 of the controller 12 sets the device descriptor (process ID = 001) and the configuration (number of interfaces = 2).

FIG. 12 illustrates a configuration in which an input device (peripheral device 30-1, 30-2) and an output device (peripheral device 30-4) are connected as the peripheral device 30 in the configuration of FIG. 1B when viewed from the information terminal 20. It is a figure. The communication interfaces 40-0 and 40-2 and the communication interfaces 40-3 and 40-4 may be different interfaces.

Of course, in FIG. 12, the output device (peripheral device 30-4) may be a USB device. In this case, in FIG. 8, the pass / block control function 122 in the controller 12 receives data from the information terminal 20 received by the USB device function 123 in the controller 12 based on the authentication result in the authentication unit 11 in the controller 12. Controls transfer (passage) and discard (block) to the USB host function 124. When the authentication result (access authority) in the authentication unit 11 is access permission, the USB host function 124 in the controller 12 outputs the data received from the passage / blocking control function 122 (see FIG. 8) to the output device (USB device 30-). An OUT token packet is transmitted to 4), and then a data packet is transmitted. In FIG. 12, when the peripheral device (30-4) is a USB output device, the transfer mode between the USB host and the USB device may be bulk transfer. Alternatively, in the case of an output USB device or the like that requires continuous and real-time performance, isochronous transfer may be used.

FIG. 13A is a diagram showing a configuration example in which, for example, an LCD (Liquid Crystal Display) device is connected as the peripheral device 30-4 of FIG. The LCD device 30-4 may be a USB display or another interface display.

The controller 12 of the relay device 10 captures the video information transmitted from the information terminal 20 to the LCD device 30-4 by the relay device 10, and displays the LCD according to the user's access authority information acquired by the authentication unit 11. (LCD display device) The content of the image to be displayed on 30-4, the brightness, or the like may be variably controlled. For example, the controller 12 analyzes the video information from the information terminal 20 and hides the display of the information column related to the preset keyword according to the access authority based on the user's department, job title, etc. ( It may be displayed in black) or the like.

In FIG. 13B, the video output from the display unit (LCD display 21) of the information terminal 20 is branched by the distributor 22 and input to the relay device 10, and based on the access authority identified by the authentication unit 11, the USB keyboard 30-. 1. The input of the USB mouse 30-2 may be controlled. The interface between the relay device 10 and the distributor 22 may be, for example, VGA (Video Graphics Array), DVI (Digital Visual Interface), HDMI (High-Definition Multimedia Interface: registered trademark), or the like.

14A and 14B are diagrams illustrating an example of control of the relay device 10 in FIG. 13B. The relay device 10 inputs video output from the display unit (LCD display 21) of the information terminal 20 and generates (updates) screen (frame) information. On the screen of FIG. 14A, the controller 12 may recognize the shape of the mouse pointer (mouse cursor) 212 in a pattern. When the "parameter setting screen" is selected while the screen of FIG. 14A is displayed on the display unit (LCD display 21) of the information terminal 20, the screen is updated to the screen of FIG. 14B. When the mouse pointer (mouse cursor) 212 is located above the update button, the input of the USB mouse 30-2 is blocked for a user who does not have access authority for parameter setting, and the display unit of the information terminal 20 is further blocked. The screen (video signal) of the (LCD display 21) may be turned off (video information is not displayed on the screen).

As the second embodiment, a part of the function of the relay device 10 of the first embodiment is implemented as a part of the function of the USB hub. The system configuration of the second embodiment is the same as the configuration described with reference to, for example, FIGS. 1B and 3. Further, the access control operation of the user to the peripheral device 30 in the relay device 10 of the second embodiment is basically the same as the operation described with reference to FIG.

FIG. 15 is a diagram illustrating a second embodiment and corresponds to FIG. 4 referred to in the description of the first embodiment. In the second embodiment, the controller 12 of the relay device 10 looks into the contents of the control transfer and what kind of USB device is connected (what kind of device is connected to which data transfer pipe). It is possible to grasp. In the relay device 10, the device connection information (for example, device descriptor, etc.) of the USB device is not rewritten.

In the relay device 10 of FIG. 15, a plurality of USB devices 30 connected to the relay device 10 are not aggregated into a single pseudo-composite device, and the vendor ID, product ID, etc. in the device descriptor from each USB device 30 are displayed. It is transferred to the information terminal 20 as it is. That is, the device descriptor acquisition request, the configuration descriptor acquisition request, the address setting request, etc. (request by control transfer) from the information terminal 20 are directly transferred to the USB device 30 via the controller 12 of the relay device 10 for each request. The data packet (each descriptor) from the USB device is also transferred to the information terminal 20 as it is.

Further, in the pass / block control function 125, the pass / block of data transfer (rewriting of polling data) is executed for the data of the data transfer pipe according to the authentication result.

From the information terminal 20, the relay device 10 is transparent. For example, a data inquiry (polling: IN token packet) or an OUT token packet from the information terminal 20 to the USB device 30 may be forwarded to the USB device 30 as it is.

The pass / block control function 125 of the controller 12 is based on the authentication result of the authentication unit 11, and when the access authority of the currently authenticated user disallows the operation of the USB device 30, for example, information. In response to a data inquiry (polling: IN token packet) from the terminal 20 to the USB device 30, the data packet returned from the USB device 30 may be discarded.

Further, the pass / block control function 125 of the controller 12 is based on the authentication result of the authentication unit 11, and the access authority of the currently authenticated user disallows the operation of the USB device 30, for example. The pass / block control function 125 of the controller 12 may control the USB device 30 so as to discard polling (IN token packet) or OUT token packet from the information terminal 20.

Alternatively, the pass / block control function 125 of the controller 12 may return, for example, STALL (device-side inoperability) to the information terminal 20 in response to the polling (IN token packet) from the information terminal 20.

The passage / cutoff control function 125 of the controller 12 may record the operation event history for each transaction. Although not particularly limited, the passage / cutoff control function 125 can be used as an operation event history, for example.
-IN token packet or OUT token packet from the information terminal 20, etc.
・ Date and time information (time stamp),
A data packet returned from the USB device 30 in response to the polling.
-Processing content such as passage, discard, etc. of the data packet by the pass / block control function 125, or return of the handshake packet STALL, etc.
-The operation or the like on the USB device 30 obtained by analyzing the data returned from the USB device 30 may be recorded.

When the authentication result in the authentication unit 11 disallows a specific operation among the operations of the USB device 30 by the user, when the controller 12 receives the polling (IN token packet) from the information terminal 20, it passes. The cutoff control function 125 may analyze the data and perform the following control (but not limited to the following).

-If the data does not correspond to an unauthorized operation, a data packet containing the data is returned to the information terminal 20.
-If the data contains information (code) corresponding to an unauthorized operation, the data is rewritten and returned to the information terminal 20.
-If the data contains information (code) corresponding to an unauthorized operation, STALL (device side inoperability) is returned as a handshake packet for the IN token packet from the information terminal 20, or the information terminal 20 sends. Returns nothing for IN token packets.

Further, the pass / block control function 125 of the controller 12 is an information terminal when the authentication result of the authentication unit 11 disallows the user to view information on the USB device 30 (for example, an output device such as a display device). The data packet following the OUT token packet for the USB device 30 from 20 may be discarded. Alternatively, in the pass / cutoff control function 125 of the controller 12, the display data on the USB device 30 (for example, a display device) is processed by a blur filtering process or the like so that the user cannot distinguish or make it difficult to see, and then the USB device. It may be transmitted to 30 (for example, a display device).

The relay device 10 described in the above embodiment may be mounted on the computer device 500, for example, as shown in FIG. Referring to FIG. 16, the computer device 500 includes a processor (CPU (Central Processing Unit), data processing device) 501, a semiconductor memory (for example, RAM (Random Access Memory), ROM (Read Only Memory), or EEPROM (Electrically Erasable). And Programmable ROM) etc.), HDD (Hard Disk Drive), CD (Compact Disc), DVD (Digital Versatile Disc), etc., and a storage device 502 including at least one of them, and a communication interface 503. By executing the program stored in the storage device 502, the functions of the authentication unit 11 and the controller 12 of the relay device 10 described in the above embodiment may be realized. The communication interface 503 includes the communication interface 40-0 of FIG. 1B.

In FIG. 16, the computer device 500 includes a display device (display device such as an LED (Light Emitting Diode) for alarm notification) connected to the processor 501, or the communication interface 503 is connected to the external display device. It may be configured to include a communication interface such as a NIC (Network Interface Card). Alternatively, in FIG. 14, the computer device 500 includes an alarm device (alarm sound generation speaker device) (not shown) connected to the processor 501, or an external alarm device 504 (alarm sound generation speaker device, indicator light, etc.). The configuration may include a communication interface 503'such as a NIC connected to the speaker. Further, the communication interface 503 may be configured to include a communication interface such as a NIC connected to a management database or the like that manages employee data.

As a modification of the above embodiment, an employee card (for example, an RFID (Radio Frequency Identifier) card, a tag) possessed by a user (employee) at the workplace may be used. In this case, the user's face photo image data, user ID, affiliation, job title, and access authority information are stored in advance in the employee card (RFID card), and the authentication unit 11 stores the employee card (RFID card). Therefore, even if the registration data is read by the RFID reader, the user's face image captured by the camera 13 and the registration data are collated, and if they match, the person is determined to be the person and the access authority information is output to the controller 12. good. Alternatively, in addition to face recognition, other biometrics (eg, iris authentication, etc.) may be used.

Of course, in the above embodiment, the communication interface is not limited to USB. For example, the communication interface may be a wireless LAN (Local Area Network) such as Bluetooth (registered trademark), and the keyboard, mouse, and LCD display of the peripheral device 30 may be, for example, a Bluetooth keyboard, a Bluetooth mouse, a Bluetooth display, or the like.

The disclosure of Patent Document 1 described above shall be incorporated into this document by citation. Within the framework of the entire disclosure (including the scope of claims) of the present invention, it is possible to change or adjust the embodiments or examples based on the basic technical idea thereof. Further, various combinations or selections of various disclosure elements (including each element of each claim, each element of each embodiment, each element of each drawing, etc.) are possible within the scope of the claims of the present invention. .. That is, it goes without saying that the present invention includes all disclosure including claims, various modifications and modifications that can be made by those skilled in the art in accordance with the technical idea.

The above-described embodiment is added, for example, as follows (but not limited to the following).

(Appendix 1)
An operation authentication relay device connected between an information terminal and one or a plurality of peripheral devices communicatively connected to the information terminal.
It is recognized as a peripheral device by the information terminal and is recognized as a peripheral device.
It is recognized as an information terminal by the peripheral devices and is recognized as an information terminal.
An authentication means that operates the peripheral device to authenticate a user who uses the information terminal, and an authentication means.
An operation authentication relay device comprising a control means for controlling relay of a signal between the peripheral device and the information terminal based on the authentication result of the user by the authentication means.

(Appendix 2)
The operation authentication relay device connected to a plurality of peripheral devices is recognized by the information terminal as one complex type peripheral device having each function of the plurality of peripheral devices. The operation authentication relay device according to Appendix 1.

(Appendix 3)
The control means passes or blocks an operation event transmitted or received by the peripheral device to and from the information terminal via the communication interface based on the attribute of the user which is the authentication result of the authentication means. The operation authentication relay device according to Appendix 1 or 2, wherein the operation authentication relay device is described.

(Appendix 4)
The control means further causes an operation event that the peripheral device transmits or receives from the information terminal via a communication interface according to a combination of the authentication result, the type of the peripheral device, and the operation event. The operation authentication relay device according to any one of Supplementary note 1 to 3, wherein the operation authentication relay device is characterized by passing or blocking the passage.

(Appendix 5)
The operation authentication relay device according to any one of Supplementary note 1 to 4, wherein the control means stores an operation event between the information terminal and the peripheral device in a storage unit.

(Appendix 6)
It is characterized in that an operation event is generated on behalf of the peripheral device and transmitted to the information terminal based on the authentication result from the authentication means or at the timing of output of the authentication result from the authentication means. The operation authentication relay device according to any one of Supplementary note 1 to 5.

(Appendix 7)
The authentication means stores the user's authentication history in a storage unit, and the authentication means stores the user's authentication history in a storage unit.
Described in Appendix 5 or 6, wherein the control means extracts the operation content performed by the user on the peripheral device by associating the user's authentication history with the operation event history. Operation authentication relay device.

(Appendix 8)
The authentication means identifies the access authority information corresponding to the user based on the biometric authentication result of the user.
Addendum 1 to 7 characterized in that the control means controls the transfer of a signal between the information terminal and the peripheral device operated by the user based on the access authority information corresponding to the user. Operation authentication relay device described in any of.

(Appendix 9)
The control means is characterized in that when it detects an operation of the peripheral device that exceeds the access authority information of the user, it invalidates the operation or issues an alarm, at least one of them. The operation authentication relay device according to any one of 8 to 8.

(Appendix 10)
The peripheral device includes a display device and an input device, and the control means receives information displayed on the screen of the display device based on the access authority information of the user, and input from the screen of the display device by the input device. The operation authentication relay device according to any one of Supplementary note 1 to 9, wherein the operation authentication relay device is characterized in that.

(Appendix 11)
The operation authentication relay device according to any one of Supplementary note 1 to 10, wherein the authentication means repeatedly authenticates at predetermined time intervals.

(Appendix 12)
The control means rewrites the device identification information of the control plane so that the plurality of peripheral devices connected to the relay device can be seen from the information terminal as a single peripheral device, and then the information terminal. The operation authentication relay device according to any one of Supplementary note 1 to 11, characterized in that the device is notified to the user.

(Appendix 13)
When the types of constituent devices of the plurality of peripheral devices are different for a plurality of peripheral devices in which the device identification information is rewritten so that the control means can be seen as a single peripheral device when viewed from the information terminal, the device identification information The operation authentication relay device according to any one of Supplementary note 1 to 12, wherein the device identification information different from that of the above is notified to the information terminal side.

(Appendix 14)
When the combination of one or a plurality of peripheral devices connected to the relay device is changed, the control means performs device identification processing by the information terminal after resetting the communication interface with the information terminal. The operation authentication relay device according to any one of Supplementary note 1 to 13, wherein the operation authentication relay device is controlled so as to be executed again.

(Appendix 15)
An operation authentication relay device including a hub (for example, a USB hub) for relaying communication between the peripheral device and the information terminal so that a plurality of peripheral devices connected to the information terminal can be connected.
An authentication means that operates the peripheral device to authenticate a user who uses the information terminal, and an authentication means.
An operation authentication relay device comprising a control means for controlling relay of a signal between the peripheral device and the information terminal based on the authentication result of the user by the authentication means.

(Appendix 16)
The control means passes or blocks an operation event transmitted or received by the peripheral device to and from the information terminal via the communication interface based on the attribute of the user which is the authentication result of the authentication means. The operation authentication relay device according to Appendix 15, wherein the operation authentication relay device is described.

(Appendix 17)
The control means further causes an operation event to be transmitted or received by the peripheral device to and from the information terminal via a communication interface according to a combination of the authentication result, the type of the peripheral device, and the operation event. The operation authentication relay device according to Supplementary Note 15 or 16, wherein the device is passed through or blocked.

(Appendix 18)
The operation authentication relay device according to any one of Supplementary note 15 to 17, wherein the control means stores an operation event between the information terminal and the peripheral device in a storage unit.

(Appendix 19)
It is characterized in that an operation event is generated on behalf of the peripheral device and transmitted to the information terminal based on the authentication result from the authentication means or at the timing of output of the authentication result from the authentication means. The operation authentication relay device according to any one of Supplementary note 15 to 18.

(Appendix 20)
The authentication means stores the user's authentication history in a storage unit, and the authentication means stores the user's authentication history in a storage unit.
The description in Appendix 18 or 19, wherein the control means extracts the operation content performed by the user on the peripheral device by associating the authentication history of the user with the operation event history. Operation authentication relay device.

(Appendix 21)
The authentication means identifies the access authority information corresponding to the user based on the biometric authentication result of the user.
Addendum 15 to 20 characterized in that the control means controls the transfer of a signal between the information terminal and the peripheral device operated by the user based on the access authority information corresponding to the user. Operation authentication relay device described in any of.

(Appendix 22)
When the control means detects an operation of the peripheral device that exceeds the access authority information of the user, the control means either invalidates the operation or issues an alarm, or at least one of them. The operation authentication relay device according to any one of 21 to 21.

(Appendix 23)
The peripheral device includes a display device and an input device, and the control means receives information displayed on the screen of the display device based on the access authority information of the user, and input from the screen of the display device by the input device. The operation authentication relay device according to any one of Supplementary note 15 to 22, wherein the operation authentication relay device is characterized.

(Appendix 24)
The operation authentication relay device according to any one of Supplementary note 15 to 23, wherein the authentication means repeatedly authenticates at predetermined time intervals.

(Appendix 25)
There is an operation authentication relay method by a relay device connected between an information terminal and one or a plurality of peripheral devices that are connected to the information terminal by communication and input information to the information terminal.
It is recognized as a peripheral device by the information terminal and is recognized as a peripheral device.
It is recognized as an information terminal by the peripheral devices and is recognized as an information terminal.
By operating the peripheral device and authenticating the user who uses the information terminal,
An operation authentication relay method comprising controlling relay of an operation signal of the peripheral device to the information terminal by the user based on the authentication result of the user.

(Appendix 26)
The operation authentication relay device connected to a plurality of peripheral devices is recognized by the information terminal as one complex type peripheral device having each function of the plurality of peripheral devices. The operation authentication relay method according to Appendix 25.

(Appendix 27)
Addendum 25 or, characterized in that the peripheral device passes or blocks an operation event transmitted or received from the information terminal via the communication interface based on the attribute of the user, which is the authentication result. The operation authentication relay method according to 26.

(Appendix 28)
Further, depending on the combination of the authentication result, the type of the peripheral device, and the operation event, the peripheral device passes or blocks the operation event transmitted or received from the information terminal via the communication interface. The operation authentication relay method according to any one of the appendices 25 to 27.

(Appendix 29)
The operation authentication relay method according to any one of Supplementary Provisions 25 to 28, wherein an operation event between the information terminal and the peripheral device is stored in a storage unit.

(Appendix 30)
Described in any of the appendices 25 to 29, characterized in that an operation event is generated on behalf of the peripheral device and transmitted to the information terminal based on the authentication result or at the timing of outputting the authentication result. Operation authentication relay method.

(Appendix 31)
The user's authentication history is stored in the storage unit, and the user's authentication history is stored in the storage unit.
The operation authentication relay method according to Appendix 29 or 30, wherein the operation content performed by the user on the peripheral device is extracted by associating the user's authentication history with the operation event history. ..

(Appendix 32)
Based on the biometric authentication result of the user, the access authority information corresponding to the user is specified, and the access authority information is specified.
The description in any one of Supplementary Provisions 25 to 31, wherein the transfer of a signal between the information terminal and the peripheral device operated by the user is controlled based on the access authority information corresponding to the user. Operation authentication relay method.

(Appendix 33)
Any of the appendices 25 to 32, wherein when the operation of the peripheral device exceeding the access authority information of the user is detected, at least one of the operation is invalidated or an alarm is issued. Operation authentication relay method described in.

(Appendix 34)
The peripheral device includes a display device and an input device, and controls information displayed on the screen of the display device and input from the screen of the display device by the input device based on the access authority information of the user. The operation authentication relay method according to any one of Supplementary Provisions 25 to 33.

(Appendix 35)
The operation authentication relay method according to any one of Supplementary Provisions 25 to 34, wherein authentication is repeatedly performed at predetermined time intervals.

(Appendix 36)
Rewriting the device identification information of the control plane so that the plurality of peripheral devices connected to the relay device can be seen from the information terminal as a single peripheral device, and then notifying the information terminal. The operation authentication relay method according to any one of Supplementary Provisions 25 to 35.

(Appendix 37)
For a plurality of peripheral devices whose device identification information has been rewritten so that they can be seen as a single peripheral device when viewed from the information terminal, when the types of constituent devices of the plurality of peripheral devices are different, the device identification is different from the device identification information. The operation authentication relay method according to any one of Supplementary Provisions 25 to 36, wherein the information is notified to the information terminal side.

(Appendix 38)
When the combination of one or more peripheral devices connected to the relay device is changed, the device identification process by the information terminal is executed again after resetting the communication interface with the information terminal. The operation authentication relay method according to any one of Supplementary note 25 to 37, which is controlled by the above method.

(Appendix 39)
This is an operation authentication relay method using a hub function that enables connection to a plurality of peripheral devices that are communication-connected to an information terminal and relays communication between the peripheral device and the information terminal.
By operating the peripheral device and authenticating the user who uses the information terminal,
An operation authentication relay method comprising controlling relaying of a signal between the peripheral device and the information terminal based on the authentication result of the user by the authentication means.

(Appendix 40)
A computer constituting an operation authentication relay device connected between an information terminal and one or a plurality of peripheral devices that are connected to the information terminal by communication and input information to the information terminal.
A process of controlling so that the information terminal recognizes it as a peripheral device and the peripheral device recognizes it as an information terminal.
Authentication processing that operates the peripheral device to authenticate the user who uses the information terminal, and
Based on the user's authentication result, the control process for controlling the relay of the operation signal of the peripheral device to the information terminal by the user, and the control process.
A program to execute.

(Appendix 41)
A process for controlling the operation authentication relay device connected to a plurality of peripheral devices so that the information terminal recognizes the operation authentication relay device as one complex type peripheral device having each function of the plurality of peripheral devices. The program according to Appendix 40 to be executed by the computer.

(Appendix 42)
The control process passes or blocks an operation event transmitted or received by the peripheral device to and from the information terminal via the communication interface based on the attribute of the user which is the authentication result in the authentication process. The program according to Appendix 40 or 41.

(Appendix 43)
The control process further performs an operation event that the peripheral device transmits or receives to and from the information terminal via the communication interface according to a combination of the authentication result, the type of the peripheral device, and the operation event. The program according to any one of Supplementary note 40 to 42, which passes through or blocks the passage of the above.

(Appendix 44)
The program according to any one of Supplementary note 40 to 43, wherein the control process stores an operation event between the information terminal and the peripheral device in a storage unit.

(Appendix 45)
Appendix 40 to 44, which generate an operation event on behalf of the peripheral device and transmit it to the information terminal based on the authentication result from the authentication process or at the timing of outputting the authentication result from the authentication process. The program described in any of.

(Appendix 46)
The authentication process stores the user's authentication history in the storage unit, and the authentication process stores the user's authentication history in the storage unit.
The program according to Supplementary Note 44 or 45, wherein the control process extracts the operation contents performed by the user on the peripheral device by associating the authentication history of the user with the operation event history.

(Appendix 47)
The authentication process identifies the access authority information corresponding to the user based on the biometric authentication result of the user.
The control process is described in any one of Supplementary note 40 to 46, which controls the transfer of a signal between the information terminal and the peripheral device operated by the user based on the access authority information corresponding to the user. Program.

(Appendix 48)
When the control process detects an operation of the peripheral device that exceeds the access authority information of the user, the control process either invalidates the operation or issues an alarm, at least one of the appendices 40 to 47. The program described in.

(Appendix 49)
In the control process, the peripheral device includes a display device and an input device, and the control process includes information displayed on the screen of the display device based on the access authority information of the user, and the display device by the input device. The program according to any one of Supplementary note 40 to 48, which controls the input from the screen of.

(Appendix 50)
The program according to any one of Supplementary note 40 to 49, wherein the authentication process repeatedly authenticates at predetermined time intervals.

(Appendix 51)
The control process rewrites the device identification information of the control plane so that the plurality of peripheral devices connected to the relay device can be seen from the information terminal as a single peripheral device, and then the information terminal. The program according to any one of the appendices 40 to 50, which is notified to.

(Appendix 52)
The control process performs the device identification information when the types of constituent devices of the plurality of peripheral devices are different for a plurality of peripheral devices whose device identification information is rewritten so as to be seen as a single peripheral device when viewed from the information terminal. The program according to any one of Supplementary note 40 to 51, which notifies the information terminal side of device identification information different from that of the above.

(Appendix 53)
In the control process, when the combination of one or a plurality of peripheral devices connected to the relay device is changed, the device identification process by the information terminal is performed after resetting the communication interface with the information terminal. The program according to any of Supplementary note 40 to 52, which is controlled to be executed again.

(Appendix 54)
A computer that constitutes a hub that allows communication between a plurality of peripheral devices connected to an information terminal and relays communication between the peripheral device and the information terminal.
Authentication processing that operates the peripheral device to authenticate the user who uses the information terminal, and
A program for executing a control process for controlling relay of a signal between the peripheral device and the information terminal based on the authentication result of the user by the authentication means.

(Appendix 55)
The control process passes or blocks an operation event transmitted or received by the peripheral device to and from the information terminal via the communication interface based on the attribute of the user which is the authentication result in the authentication process. The program according to Appendix 54.

(Appendix 56)
The control process further performs an operation event that the peripheral device transmits or receives to and from the information terminal via the communication interface according to a combination of the authentication result, the type of the peripheral device, and the operation event. The program according to Appendix 54 or 55, which passes through or blocks the passage of.

(Appendix 57)
The program according to any one of Supplementary Provisions 54 to 56, wherein the control process stores an operation event between the information terminal and the peripheral device in a storage unit.

(Appendix 58)
Addendum 54 to 57, which generates an operation event on behalf of the peripheral device and transmits it to the information terminal based on the authentication result from the authentication process or at the timing of outputting the authentication result from the authentication process. The program described in any of.

(Appendix 59)
The authentication process stores the user's authentication history in the storage unit, and the authentication process stores the user's authentication history in the storage unit.
The program according to Supplementary Note 57 or 58, wherein the control process extracts the operation contents performed by the user on the peripheral device by associating the authentication history of the user with the operation event history.

(Appendix 60)
The authentication process identifies the access authority information corresponding to the user based on the biometric authentication result of the user.
The control process is described in any one of Supplementary note 54 to 59, which controls the transfer of a signal between the information terminal and the peripheral device operated by the user based on the access authority information corresponding to the user. Program.

(Appendix 61)
When the control process detects an operation of the peripheral device that exceeds the access authority information of the user, the control process either invalidates the operation or issues an alarm, at least one of the appendices 54 to 60. The program described in.

(Appendix 62)
In the control process, the peripheral device includes a display device and an input device, and the control process includes information displayed on the screen of the display device based on the access authority information of the user, and the display device by the input device. The program according to any one of Supplementary Provisions 54 to 61, which controls the input from the screen of.

(Appendix 63)
The program according to any one of Supplementary note 54 to 62, wherein the authentication process repeatedly authenticates at predetermined time intervals.

10 Relay device 11 Authentication unit 12 Controller 13 Camera 14 Device side connection unit 14-1, 14-2 USB port 15 Information terminal side connection unit 16 Registration data storage unit 17 Authentication history storage unit 18 Operation event history storage unit 20 Information terminal 21 LCD display 22 distributor
30 Peripheral devices (USB devices)
30-1 Peripheral device (USB keyboard)
30-2 Peripheral device (USB mouse)
40, 40-0, 40-1, 40-2, 40-3, 40-n communication interface (USB interface)
111 Image data acquisition unit 112 Face authentication unit 113 Access authority acquisition unit 121 Rewriting function (rewriting unit)
122 Passing / blocking control function (passing / blocking control unit)
123 USB device function 124 USB host function 161 Registration data 171 Authentication history 181 Operation event history 211 Display screen 212 Mouse pointer 213 Parameter setting screen 500 Computer device 501 Processor 502 Storage device 503, 503'Communication interface 504 Alarm device

Claims (10)

An operation authentication relay device connected between an information terminal and one or a plurality of peripheral devices communicatively connected to the information terminal.
A control means for controlling relay of a signal between the peripheral device and the information terminal based on the authentication result of a user who operates the peripheral device and uses the information terminal is provided.
The control means controls the passage or blocking of communication transmitted or received by the peripheral device with the information terminal according to an operation event transmitted or received between the authentication result and the information terminal. , An operation authentication relay device characterized by that. The control means stores an operation event between the information terminal and the peripheral device in a storage unit, generates an operation event on behalf of the peripheral device according to the authentication result, and transmits the operation event to the information terminal. The operation authentication relay device according to claim 1, wherein the operation authentication relay device is characterized. The second aspect of claim 2, wherein the control means extracts the operation content performed by the user on the peripheral device by associating the authentication history of the user with the history of the operation event. Operation authentication relay device. The peripheral device includes a display device and an input device, and the control means receives information displayed on the screen of the display device based on the access authority information of the user, and input from the screen of the display device by the input device. The operation authentication relay device according to any one of claims 1 to 3, wherein the operation authentication relay device is used. The control means rewrites the device identification information of the control plane so that the plurality of peripheral devices connected to the operation authentication relay device can be seen as a single peripheral device when viewed from the information terminal, and then the control means. The operation authentication relay device according to any one of claims 1 to 4, wherein the information terminal is notified. The control means may be used when the types of constituent devices of the plurality of peripheral devices are different for the plurality of peripheral devices whose device identification information is rewritten so as to be seen as the single peripheral device when viewed from the information terminal. The operation authentication relay device according to claim 5, wherein device identification information different from the device identification information is notified to the information terminal side. When the combination of one or a plurality of peripheral devices connected to the operation authentication relay device is changed, the control means identifies the device by the information terminal after resetting the communication interface with the information terminal. The operation authentication relay device according to any one of claims 1 to 6, wherein the process is controlled so as to be executed again. The operation authentication relay device according to any one of claims 1 to 7, further comprising an authentication means for operating the peripheral device and authenticating the user who uses the information terminal. An operation authentication relay method using an operation authentication relay device connected between an information terminal and one or a plurality of peripheral devices that are connected to the information terminal by communication and input information to the information terminal.
Based on the authentication result of the user who operates the peripheral device and uses the information terminal, the user controls the relay of the operation signal of the peripheral device to the information terminal.
It is characterized in that the peripheral device controls the passage or blocking of communication transmitted or received between the information terminal and the authentication result according to an operation event transmitted or received between the information terminal and the information terminal. Operation authentication relay method. A computer constituting an operation authentication relay device connected between an information terminal and one or a plurality of peripheral devices that are connected to the information terminal by communication and input information to the information terminal.
It is a process of controlling the relay of the operation signal of the peripheral device to the information terminal by the user based on the authentication result of the user who operates the peripheral device and uses the information terminal.
A process of controlling the passage or blocking of communication transmitted or received by the peripheral device with the information terminal according to an operation event transmitted or received between the authentication result and the information terminal.
A program to execute.

Images